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cyberspace.” 

Hackers  can  and  must  be  part  of  a  collab¬ 
orative  approach  with  the  government  and 
private  industry,  he  said.  “You  know  that  we 
can  protect  networks  and  have  civil  liberties 
and  privacy,  and  you  can  help  us  get  there." 

Alexander  congratulated  the  organizers  of 
Defcon  Kids,  an  event  held  to  teach  children 
how  to  be  white-hat  hackers,  and  described 
the  initiative  as  superb. 


Already,  the  hacker  community  has  built 
many  of  the  tools  needed  to  protect  cyber¬ 
space  and  should  continue  to  create  even 
better  ones,  he  said,  giving  the  example  of 
Metasploit  and  other  penetration-testing  tools. 

“Sometimes  you  guys  get  a  bad  rap,"  he 
said.  “From  my  perspective,  what  you’re  doing 
to  figure  out  vulnerabilities  in  our  systems  is 
great.  You  guys  hold  the  line.” 

According  to  a  New  York  Times  report. 


"mismatch"  between  Fortress  and 
"a  virtual  machine  not  designedio 

only  Java  VM  but  every  currently 
available  VM.  he  said. 

Work  on  Fortress  will  graduaHy 
come  to  a  stop  over  the  next  few 
months.  Steele  said.  The  code 


Oracle's  Programming  Language 


NSA  Glief  Seeks  Help  From  Hackers 


Gem.  KEITH  AUXANOER,  the 

director  of  the  National  Secnrity 
Agency,  asked  hackers  for  help 
semiring  cyberspace  when  he  spoke 
at  the  Defcon  conference  late  last  month. 

“This  is  the  world's  best  cybersecurity 
community,”  said  Alexander,  who  also  heads 
the  US.  Cyber  Command.  “Iri  this  room  right 


Hackers  can  and  must  be  part  of  a  coUah- 
orative  approach  with  the  government  and 
private  industry,  he  said.  "You  know  that  we 
can  protect  networks  and  have  civil  liberties 
and  privacy,  and  you  can  help  us  get  there.” 

Alexander  congratulated  the  organizers  of 
Defcon  Kids,  an  event  held  to  teach  children 
how  to  be  white-hat  hackers,  and  described 

He  stressed  the  need  for  better  information 
sharing  between  private  industry  and  the  gov- 
ernment.  Poiming  out  that  the  country  can’t 
take  steps  to  thwart  cyberattacks  that  aren’t 


on  its  radar  screen,  Alexander  said  it  would 
be  helpful  if  businesses  could  share  informa¬ 
tion  from  their  intrusion-detection  systems 
with  the  NSA  in  teal  time.  He  added  that  the 
agency  currently  has  no  way  to  predict  if,  for 
instance.  Wall  Street  is  facing  a  threat. 

The  next  step  would  be  to  jointly  develop 
standards  to  help  secure  critical  infrastructure 
and  other  sensitive  networks,  he  said. 

Already,  the  hacker  community  has  buih 
many  of  the  tods  needed  to  protect  cyber¬ 
space  and  should  continue  to  create  even 
better  ones,  he  said,  giving  the  example  of 
Metaspidt  and  other  penetration-testing  tools. 

“Sometimes  you  guys  get  a  bad  rap,"  ^ 
said.  “From  my  perspective,  what  you’re  doing 
to  figure  out  vulnerabilities  in  our  systems  is 
great.  You  guys  hold  the  line.” 

According  to  a  New  York  Times  report, 
Alexander  had  earlier  revealed  that  there  was 
a  17-fdd  increase  in  cyberattacks  against  U.S. 
infrastructure  between  2009  and  2011. 

-  Lucian  Constantin,  IDG  News  Service 


The  Defense  Advanced  Research 
Projects  Agency,  which  originally 
funded  Fortress,  pulled  Its  backing 
in  November  2006.  Work  continued 
at  Sun  and  Oracle,  however. 

■We  feel  that  our  effort  has  been 
worthwhile.'  Fortress  project  archi¬ 
tect  and  well-known  computer  sci¬ 
entist  Guy  Steele  said  in  a  blog  post. 
'Many  aspects  of  the  Fortress  design 
were  novel,  and  we  learned  a  great 
deal  from  building  an  interpreter  and 
an  initial  set  of  libraries.' 

However.  Steele  said  that  the 
project  faced  'severe  technical  chal- 


■  'mismatch'  between  Fortress  and 
'a  virtual  machine  not  designed  to 
support  it'  -  and  that  includes  not 
only  Java  VM  but  every  currently 
available  VM,  he  said. 

come  to  a  stop  over  the  next  few 
months.  Steele  said.  The  code 
base  will  remain  open  source,  and 
Oracle’s  Programming  Language 
Research  Group  will  continue  to  re¬ 
spond  to  queries  about  Fortress. 

-  CHRIS  KANARACUS. 

IDG  NEWS  SERVICE 


VlrtuAl  \t\Xrasirucl{ire 


Today,  97%  of  the  Fortune  Global  500  rely  on  VMwareT  the  global  leader  in  virtualization  and  cloud 
infrastructure.  We  helped  your  enterprise  become  cloud-ready.  Now  that  you’re  embracing  cloud 
computing,  we  offer  the  best  path  to  a  secure,  managed  and  controlled  environment.  Because  it’s 

not  just  about  getting  to  the  cloud.  It’s  about  getting  to  your  cloud.  vmware’ 

The  power  behind  your  cloud. 
Visit  vmware.com/whiteboard 


Cloud  Brings  Foreign 
IT  Spending  to  U.S. 

A  Mexion  hotel  chain  and  others  let  U.S.  providers  host 
their  systems  despite ‘FUD’ campaigns  that  aim  to  raise 
questions  about  security  risks.  ^  Patrick  Thibodeau 


ing  scxalled  FUD  (fear,  uncertainty 


questions  about  the  security  o{  U.S.  data 
centers,  said  Daniel  Castro,  an  analyst  at 
the  Information  Technology  and  Innova- 


For  instance,  ads  by  Deutsche  Telekom 
and  other  companies  claim  that  their 
cloud  products  are  more  secure  than 
those  of  U.S.  vendors  because  U.S.  com¬ 
panies  have  to  comply  with  laws  such  as 
the  Patriot  Act,  ejKcutives  from  indus¬ 
try  groups  and  tech  vendors  told  a  U.S. 
House  of  Representatives  subcommittee 
during  a  bearing  late  last  month. 


Uo&hore  IT  services  providers  for  years. 

Now.  thanks  to  cloud  computing,  foreign  compa¬ 
nies  are  starting  to  bring  their  business  to  providers 
of  dau  center  services  located  in  this  country. 

Omsider  Gnipo  Posadas,  a  large  hotel  company  in  Mexico 
that  today  relies  on  five  daU  centers  to  support  more  than  17.000 
guest  rooms  in  over  too  hotels.  Grupo  Posadas  IT  personnel  tun 
three  of  those  data  centers;  the  other  two 


tioning  of  what  the  Patriot  Act  permits,"  said  Justin  Freeman,  the 
corporate  counsel  of  Rackspace,  a  provider  of  hosted  services. 

Such  marketing  efforts,  said  Castro,  represent  a  significant 
threat  to  U.S.  providers  of  cloud-based  services. 

“The  potential  market  for  cloud  computing  is  very  large,  and 
the  U.S.  right  now  is  the  country  that  stands  to  gain  the  most 
from  it,"  said  Castro,  who  also  testified  at  the  hearing. 

Castro  said  most  countries  have  laws  that  are  similar  to  the 
Patriot  Act,  and  some,  including  Canada  and  Australia,  allow 
businesses  to  turn  over  daU  vohin- 


A  new  range  of  customizable  servers  to  support  your  unique  business  needs. 


IBM  System  x3650  M4  Express 


IBM  System  x3530  M4  Express 


Because  no  two  businesses  are  the  same. 

Introducing  the  flexible  new  range  of  IBM  System  x  servers. 


No  tvvo  companies  hawe  the  same  IT  requinements.  Thatfe  why  IBM®  has  a  new  range  of  System  X* 
servers,  built  to  handle  workloads  ranging  from  simple  tasks  to  complex  doud-based  and  business 
applications.  Featuring  the  latest  Intel*  Xeon®  E5-2600  and  E5-2400  series  processors,  these 
servers  can  be  customized  so  that  you  can  select  features  you  need  today  and  add  more  as  your 
business  needs  change.  Additionally,  IBM  Business  Ffertners  can  help  you  find  the  server  that 
meets  your  needs  and  pair  it  with  the  right  IBM  storage,  networking  and  software  solutions  frx  a 
truly  optimized  infrastructure. 
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Hash  Storage  Can  Help 
Some  IT  Operations 

All-flash  storage  systems  are  speedy  -  and  expensive. 

But  rr  execs  say  they  can  be  cost-effectivefor  certain 
enterprises.  By  Lucas  Mearian 


mance  systems  engineer  at  the  chip  maker. 

A  In  virtualization  benchmarking  tests,  the  all-flash 

WhipTail  array  helped  reduce  latency  by  a  factor  of  50  and 
yielded  a  40%  performance  improvement  over  the  company’s 
hard  disk  drives  (HDD). 

While  the  array  is  running  in  a  test  environment,  the  data  is 
real,  consisting  of  email,  databases,  Web  2.0  applications  and 
mote.  “It’s  like  a  teal  life  data  center,"  said  Abounader. 

AMD  is  looking  to  determine  whether  its  servets  could  be 
overcommitted  and  still  run  the  business. 

With  just  one  6TB  flash  array  from  WhipTail,  the  system  was 


255  IT  professionals,  about  7%  of  the 
respondents  said  they  currently  use 
all-flash  arrays  and  6%  said  they  plan  to 
deploy  the  technology  within  18  months. 
Meanwhile,  37%  said  they  plan  to  deploy 
less-expensive  SSD  technology,  up  from 
just  7%  a  year  earlier. 

"We  see  that  flash  is  starting  to  change 
the  business  world,”  said  Kobi  Rozen- 
garten,  a  managing  partner  at  Jerusalem 
Venture  Partners,  an  investment  firm. 

Rozengarten  is  quick  to  admit  that 
NAND  flash  storage  will  never  beat 
the  per-gigabyte  price  of  HDD  systems. 
But  for  applications  like  virtual  desktop 
infrastructures  and  online  relational 
databases,  the  technology  can  be  very 
cost  efiective,  he  contends. 

Vail  Systems,  a  telephony  service 
provider,  turned  to  an  all-flash  setup  to 
boost  database  response  times,  said  David 
Fruin,  vice  president  of  engineering. 

K  customer  cate  and  conference-call  voice 
response  systems,  mostly  for  banks  and  insurance  companies.  As 
the  volume  of  calls  increased,  Vail’s  HDDs  couldn’t  ke^  up. 

So  Vail  initially  added  2.5-in.  Intel  SSDs  to  its  Dell  servers  and 
later  installed  two  iTB  PCIe  flash  modules  from  Virident  Systems. 
The  SSDs  yielded  a  fourfold  improvement  in  performance  over 
the  HDDs.  And  then  the  PCIe  modules  improved  performance  by 
a  factor  of  10.  “We  were  looking  for  four  times  im[Kuvement  and 
we  got  10  times,  so  we  were  surprised,"  said  Fruin. 

Fruin  acknowledged  that  the  technology  is  expensive  —  each 
Virident  module  cost  $13,000.  But  other  systems  aren’t  neces¬ 
sarily  cheaper.  “[Flash  costs]  a  lot  of  money,”  he  said,  “[but]  the 
akemative  was  to  throw  a  lot  of  RAM  into  the  boxes,  which  is 


Vail  runs  ini 


throw  a  lot  of  RAM 
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ITprobtemsi 


Easy-to-deploy  IT  physical  infrastructure 


Make  the  most  of  your  IT  space! 

Download  our  Top  3  solution  design  guides 
today  and  enter  to  win  an  iPad®  2. 
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in  ywr  rale  IS  007  It's  been  itKiedibly  valuable  not 
just  in  tenns  of  how  I  think,  how  I  run  my  oiganization 
and  how  I  prioritize,  but  also  in  terms  of  the  tried  1  have 
with  my  peers.  They  know  I’ve  walked  in  their  shoes. 


AOPnasapianterofUiisoftwari-as-a- 
sirvki  model.  How  has  that  busiiwss 

dianfed?  The  most  fundamental  shift  I've 
seen  is  the  consumerization  phenom¬ 
enon.  For  many  years,  our  clients  —  the 
people  who  1  support  both  internally 
and  externally  —  were  peojde  who 
!ie  paid  to  come  in  and  use 
3ur  systems.  Sometimes  those 
IT  systems  were  fairly  ugly, 
but  it  mattered  less  because 
people  had  to  use  them. 
Now  many  of  the  people  we 
are  dealing  with  are  end 
users  because  we’re  doing 
more  user  self-service. 

So  the  molde  and  social 
components  of  this  have 
taken  off.  People  expect 
an  excellent  experience 
with  technology.  That  puts  a 
lot  of  pressure  on  IT  on  the 
usability  and  innovation 
front.  We  have  to  make 
sure  we’re  keeping  up. 


as  the  pamMaddy  of  seas 
affect  how  you  do  IT  Internally? 

We  push  out  as  much  as  we  can  to 
the  doud,  including  expense  report¬ 
ing,  procurement  and  salesfbrce 
automation.  Every  conversation  1  have 
starts  with,  “Can  we  do  this  in  a  SaaS 
model?”  It  takes  a  lot  of  convincing 
for  me  to  do  something  internally. 

What  aren’t  you  wfliinc  to  move  to  a 
SaaS  provider?  Back-office  financial 
systems.  We’re  waiting  fix  that  in¬ 
dustry  to  mature.  But  I  would  not  be 
surprised  if  in  another  year  or  two 
we’te  having  a  convetsation  about 
why  that  can’t  be  pushed  out  into 
an  on-demand  model. 


U  People  expect  an  excellent 
experience  with  technology. 

That  puts  a  lot  of  pressure  on  IT  on 
the  usability  and  innovation  front. 


WInt  othor  dond  sorvkH  are  yno  iHlng?  We’ve 
already  built  an  internal  cloud  both  for  our  clients 
and  for  all  of  the  services  we  provide  to  our  R&D  or¬ 
ganization  and  our  business  community.  R&D  people 
can  provision  their  own  servers.  And  even  though 
we  have  two  Tier  4  data  centers,  we  still  leverage 
infrastructure  as  a  service.  We  use  Amazon  [ECz],  for 
example,  for  some  of  our  mobile  development  so  that 
the  ecosystem  of  partners  we  work  with  are  in  the 
cloud,  not  coming  into  our  infrastructure. 


What  tcdmolocy  prelects  does  ywir  company  plan 
to  roB  out  in  the  next  12  months?  We’re  going  to  roll 
out  analytics  to  our  clients.  Not  only  will  they  get 
their  data  back  and  see  some  pretty  cool  visualization 
analytics,  but  they  will  be  able  to  benchmadt  against 
other  companies.  Think  of  it  as  a  kind  of  workfixee 
index  that  an  HR  person  can  have  on  their  desktop.  So 
for  example,  you  can  see  if  you’re  below  market  for  a 
given  job  code,  and  there  will  be  a  dashboard  you  can 
drill  into  to  get  additional  benchmarks. 

What  1$  the  key  to  kncplnf  ahead  with  the  tnchnol- 
Ofy?  We  preach  that  change  is  inevitable  and  we  keep 
the  pressure  on  all  the  time.  When  you’re  successful, 
the  pressure  is  not  there.  But  everyone  remembers 
that  IBM  was  the  most  profitable  software  company 
in  the  world  and  then  two  years  later  they  were 
recording  a  loss.  I  also  use  the  Kodak  example  all 
the  time.  We  want  to  keep  that  in  front  of  people 
and  create  a  sense  of  urgency,  even  if  our  financial 
metrics  don’t  show  any  urgency. 


HOW  has  tcchnolocy  chauflcd  your  busiucfs  model? 

We’re  putting  more  and  mote  stuff  on  mobile  apps, 
which  eats  into  other  parts  of  our  business  because 
we  don’t  charge  for  those  aj^.  For  example,  we  used 
to  charge  for  delivery  of  pay  slips  and  reports.  Now 
it’s  all  online.  These  are  changes  in  the  business 
model  that  we  have  to  get  used  to. 

What’S  your  hincst  pot  peave  in  this  business?  It’s 
this  whole  concept  that  the  cloud  is  something  new. 
We’ve  been  doing  this  for  a  long  time  and  this  is  just 
another  way  of  transacting  business.  All  of  the  hype 
is  driving  me  up  the  wall,  quite  frankly. 

What  efflcrtbig  technolo^  are  you  most  exdted 
ahout?  The  b^  data  technology  that’s  come  out,  the 
Hadoops  of  the  world.  That  opens  up  opportunities 
in  terms  of  our  ability  to  provide  analytics.  We’te 
capturing  what  people  are  doing  on  our  websites,  in 
our  applications  and  mobile  apps,  and  using  that  to 
predict  what  they’re  going  to  do  next.  We  now  have 
the  ability  to  process  and  analyze  all  of  that  data  so 
quickly  and  cheaply.  This,  1  think,  is  going  to  be  a  big 
game-changer. 
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1&1  -  get  more  for  your  website! 


More  Included: 

Free  domain*,  free  e-mail 
accounts,  unlimited  traffic, 

NEW:  Adobe'  Dreamweaver'' 
CSS. 5*  and  much  more. 

More  Privacy: 

Free  private  domain  registration. 

More  Reliability: 

Maximum  reliability 
through  hosting 
simultaneously 
across  two  seperate 
data  centers. 


What  is  Dual  Hosting? 

Your  website  hosted 
across  multiple  servers  in 
2  different  data  centers, 
in  2  different  geographic 
locations 
Dual  Hosting, 
maximum  reliability. 


ALL  1&1  HOSTING  PACKAGES 

$3.99, 

SAVEUPTO60%r 


DOMAIN  OFFERS:  .COM/.ORG  JUST  $  3.99  (first  year)' 
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Cloud  Computing 

The  Autonomies  behind  the  Economics 


I  Cloi 

[  Th( 

In  recent  yean,  cloud 
computing  has  moved 
from  the  fringe  to  the  main¬ 
stream  of  enterprise  IT  practice.  The 
adoption  of  this  flexible,  service-based  ap¬ 
proach  to  computing  has  been  catalyzed  in^ 
large  part  by  the  promise  of  improvements 
in  IT  efficiency  and  reductions  in  data  center 
expenses.  But,  too  often,  CIOs  and  financial 
managers  fail  to  understand  the  critical  role 
application  servers  play  in  realizing  cloud 
computing's  economic  and  operational 
potential. 

The  dynamic,  virtualized  and  highly 
utilized  infrastructure  which  is  characteristic 
of  the  best  cloud  environments  requires  a 
foundation  of  powerful,  imelligent,  cost- 
effective  servers.  Ideally,  these  servers  will 
manual  IT  operations. 


can  drastically  cut  administrative  and  main¬ 
tenance  costs;  reduce  energy  usage  by  ensur¬ 
ing  servers  run  as  efficiently  as  possible;  and 
minimize  the  potentially  astronomical  costs 
of  downtime  by  addressing  problems  before 
they  result  in  catastrophic  failures. 

These  and  other  TCO-reduction  benefits 
are  ultimately  much  more  impactful  to 
corporate  bottom  lines  than  are  the  relatively 
simplistic  retum-on-investment  (ROI) 
analyses  that  traditionally  have  served  as  the 
primary  economic  evaluation  factor  for  ap¬ 
plication  servers. 

Next-gen  servers  reduce  costs 
HP  designed  its  latest  generation  of  tack 
and  blade  servers  -the  HP  ProLiant  Gen8 

Ideally,  these  servers  will  automate  many  once-mahual  IT 
operations,  leading  to  significant  improvements  in  cloud 
computing  TCO  and  performance. 


driving  significant  improvements  in  total  portfolio-in  large  part  to  address  the  needs 

cost  of  ownership  (TCO)  and  performance.  of  virtualized  cloud  computing  and  other 

high-demand  IT  environments.  The  HP 

intelligence  and  autonomies  ProLiant  Gen8  servers  deliver  more  than  150 

remove  costs  new  features  compared  to  earlier-generation 

Application  servers  that  require  laborious  servers,  including  many  that  leverage  the 


Add  “redefined 
the  data  center” 
to  your  resume. 


HP  ProLiant  Gen8  servers.  So  intelligent,  they’ll  transform 
your  expectations  of  the  data  center. 

The  next  generation  of  HP  ProUant  seners  with  HP  ProActive  Insight  architecture 
brings  over  1 50  groundbreaking  design  innovations*  that  will  reshape  how  you  meet 
demanding  service  level  agreements  and  boost  performance  in  your  data  center. 
With  6X  increased  performance*,  3X  improved  admin  productivity*,  and  increased 
uptime*,  you  can  turn  IT  innovation  into  business  acceleration. 

The  power  of  HP  Converged  Infrastructure  is  here. 


Watch  a  new  Computerworld  video  about  HP  ProLiant  Gen8 
servers  at  hp.com/servers/genSracks  or  scan  the 
QRcode  below. 


HP  ProLiant  DG60p  Gen8  servers  and  HP  ProLiant  DL380p  Gen8  servers 
powered  by  the  Intel*  Xeon*  processor  E5-2600  series 


OPINION 


Assess  Your  Surroundings 
From  2,000  Feet  Above 


From  that 
vantage 
point  you 
can  learn 
whata 
community 
values. 


Paal6lM,CEOof 

Leading  Geeks,  is 
devoted  to  clarifying 
die  murky  work)  of 
human  emotion  for 
people  who  gravitate 


book  is  8  Steps  to 
Restoring  Client  Trust: 
APro/essionarslMde 
to  Uanaging  Client 
Conflia.  you  can 
contact  him  at  infoe 
leadii%geeks.com. 


’VE  SPENT  THE  PAST  TWO  WEEKS  flying  my  experimental  two-seater 
across  the  coimtry,  landing  at  small  airports,  pitching  my  tent 
wherever  I  can,  bouncing  in  the  thermals,  and  mostly  observing  the 
world  from  a  couple  thousand  feet  up.  From  that  vantage  point,  you 


can  learn  wfaat  a  community  values.  The  same  is 
true,  in  a  Bgurative  sense,  with  cnganizations. 


What  can  you  glean  from  a  literal  Mid  s<ye 
view?  Craisider  the  impression  I  got  of  Canadian, 
Texas,  a  small  town  near  the  Oklahoma  border. 
When  I  looked  down  on  the  town  from  the  air,  it 
seemed  like  a  familyHiriented  place,  neither  rich 
nor  poor,  since  most  of  the  housing  consisted  of 
sing^family  homes  with  small  yards.  It  was  easy 
to  see  that  the  town  was  suffering  terribly  from 
this  summer's  drought.  Every  yard  was  brown 
and  dry,  as  was  the  terrain  for  at  least  50  miles 
in  every  direction,  with  one  small  but  significant 
exception:  At  the  southern  end  of  town,  a  hrilliant 
green  football  field  was  surrounded  by  a  bright 
orange  running  track  and  had  the  name  of  the 
team,  Canadian  Wildcats,  emhiazoned  in  the  end 
zones.  White  bleachers  lined  both  sides  of  the 
field,  which  sat  next  to  a  large  parking  lot.  The 
field  looked  very  much  like  an  oasis. 

TYue,  you  don’t  get  a  lot  of  detail  when  viewing 
it  firran  2,000  feet  in  the  air,  I  couldn't  tell 
whether  the  field  had  been  watered,  replaced  with 
artificial  turf  or  painted  green.  But  it  was  clear 
nonetheless  that  the  townsfirlk  of  Canadian  take  a 
lot  of  pride  in  that  patch  of  ground.  It  told  me  that 
for  Canadians,  football  is  more  than  a  game,  and 
that  field  is  more  than  just  a  place  for  their  kids 
to  play.  The  Canadian  Wildcats' field  is  a  public 
fotiim  where  the  community  can  come  together, 
bond  and  express  their  pride. 

All  communities,  even  project  teams  and 

tant  to  them,  and  those  choices  are  often  indelibly 


marked,  visible  to  the  observant  —  just  as  the 
things  that  are  important  to  the  residents  of  Cana¬ 
dian,  Texas,  were  apparently  visible  to  me  from  a 
couple  thousand  feet  above. 

Whether  you’re  joining  a  technical  team  or 
working  across  the  divide  with  nongeeks,  the 
things  you  learn  about  what's  important  in  your 
new  environment  can  determine  what  sort  of 
first  impression  you  make  and  whether  you  will 
be  embraced  or  rejected  by  your  new  colleagues. 
Violate  unspidien  rules  of  conduct,  and  you  may 
be  in  for  a  tough  ride. 

For  example,  I  was  called  in  for  a  meeting 
with  a  potential  consulting  client.  As  I  arrived, 

I  notic^  that  the  company  had  cubicles  with 
low  walls,  cubicles  with  medium  walls,  cubicles 
with  high  walls,  small  offices  with  no  windows, 
midsize  offices  with  small  windows,  and  large 
offices  with  big  windows  and  meeting  tables. 
Without  exchanging  a  word  with  anyone  at  the 
company,  I  knew  that  this  was  a  place  that  had 
a  hi^  regard  for  hierarchy.  So  I  knew  that  I 
should  focus  my  attention  on  the  CIO  rather  than 
any  at  his  lieutenants;  they  wouldn’t  be  making 
any  decisions  arxl  probably  wouldn’t  voice  any 
public  opinions.  I  acted  on  that  assumption  in  the 
meeting,  and  my  suspicions  were  confirmed.  In 
the  end,  the  CIO  hired  me.  I  doubt  that  he  would 
have  if  my  behavior  had  not  reflected  recognition 
of  the  company’s  strict  pecking  otiler. 

So  when  you  engage  with  new  people,  pay  atten¬ 
tion  not  only  to  the  tasks  that  you  ate  asted  to  do, 
but  also  to  the  values  of  the  group.  A  quick  glance 
from  2,000  feet  can  tell  you  all  you  need  to  know.  ♦ 


16  cowrnTiaaeiLD  august  13.  2017 


LIFEBOOK 

with  the  2nd  Gen  Intel*  Core™  vPro™  processor  family  -  Enriches  your  life. 
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FUJITSU 
Tested  For  the 


It's  all  about  survival  of  the 

With  the  2nd  Gen  Intel*  Core™  vPro™  processor  family,  l 
T901  Tablet  PC  delivers  best  (terforma nee  in  a  lightweight,  'semi-tugged' 
MIL-STD-810G  tested  convertible  tablet  form  factor.  The  bright  13.3-inch  LED 
backlight  display  is  a  pleasure  to  use,  with  maximum  networking  connectivity 
and  an  optional  modular  bay  battery  allowing  for  all-day  computing.  The 
LIFEBOOIfs  rock-solid  security  suite  make  it  a  perfect  fit  for  today's  demanding 
business  and  commercial  environments.  So  nothing  can  stop  you  now. 


shaping  tomorrow  with  you 


SOMETIMES  NOT  ADOPTING  A  HOT  NEW  TECHNOLOGY  IS  THE 

WISEST  BUSINESS  DECISION  YOU  CAN  MAKE.  BY  MINDA  ZETLIN 


A  FEW  YEARS  AGO,  when  Bill  Weeks  was  CIO  at  a  leasing  company,  a  big 
vendor  pitched  some  software  intended  to  manage  leasing  throughout 
Europe.  Weeks  was  skeptical.  “We  noticed  that  half  the  stuff  they  were 
showing  us  was  PowerPoint  slides  and  not  actual  functionality,"  he  says. 
“We  decided  it  wasn't  strong  enough  to  run  a  business  on.” 

He  and  his  team  decided  to  pass. 

It's  the  kind  of  decision  that  aOs  have  to  make  all  the  time.  With  the 
pace  of  tech  innovation  growing  ever  faster,  IT  leadm  find  themselves 

adopt  a  promising  new  technology  and  risk  the  unknowns  that  a  new 
imi^ementation  brings,  or  decline  —  and  risk  letting  their  companies  fall 
behind  the  technological  curve.  The  wrong  decision  could  destroy  a  career. 
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Saying  no  will  often  leave  a  CIO  wondering  what 

Hype  vs.  Reality: 

ware.  Weeks  got  a  definite  answer.  Some  time  after 
taking  a  pass  on  the  system,  he  took  a  job  at  a  differ¬ 
ent  company  —  one  that  had  already  implemented 

How  to  Tell  the  Difference 

to  10  brii«  a  busin»  value  to  your  organizalkxi.  eithn- W  reduong  costs 
ortxhenrise  inipnmng  the  tnttotn  Bn^ 

SouxfcgreaL  in  prindple.  in  practice,  every  tethnokigy  vendw  has  a  det^ 
explaialion  of  how  each  of  its  products  »«  help  your  company.  ITS  up  to  you 

that  software.  Sure  enough,  “the  vendor  had  oversold 
and  underdelivered."  he  says.  "It  was  supposed  to 
work  in  all  of  Europe,  but  they  had  only  completed 
the  program  for  one  country,  and  even  with  that  one 
we  needed  manual  workarounds.” 

Weeks  spent  the  next  five  years  working  with  the 
vendor  as  it  gradually  developed  its  product  to  the  point 
that  it  offered  the  functionality  originally  promised. 

"Fortunately,  the  CEO  had  mandated  that  this  be  a 
fixed-bid  contract,"  he  recalls.  "The  contract  said  what 

V  iByaunandhawiiiiplenientedtlustechncilogv.'wettemann 
■  advises.  *Tale  the  best  data  they  have  on  the  RCh  they  received. 

UsethatesdmaleasatoolformaldngouroiMidedsions.' 

Iheirptoducts*i«benelityourbusinessinl0orl5ways.while 
dot  may  be  Out  hnost  RCh  from  new  technology  comes  from 

the  software  was  supposed  to  do,  and  we  would  have 
an  annual  conversation  about  how  it  wasn't  quite  there 
yet.”  Manual  workarounds  were  put  in  place  irritially, 
and  a  triage  approach  was  established  with  the  vendor, 
so  that  the  problems  that  were  the  biggest  productivity 
drains  would  be  fixed  first.  The  other  costs  were  pecqrle 
and  travel.  The  business  unit  was  headquartered  near 

London,  and  most  of  the  IT  team  was  based  in  the  US., 
so  travel  to  the  UK.  was  required  several  times  a  year. 

The  original  decision  to  forgo  the  leasing  software 
"was  one  of  those  cases  where  you  say,  'Wow,  1  made 

■■  oiWtwoorthceebeneliis.'Weltemannsays.'Soonlyloohat 

the  lop  ditee  benefits,  and  oy  to  quamiMhem  In  a  meaningful  way.' 

HniaMrMipitaMir  If  virtualization  software  lets 
you  skip  buying  a  new  server,  calculating  the  ROI  is  pretty 
straightforward.  But  v»hen  ROI  doesn't  come  from  direct  sav- 
ings  or  specific  efficiency  gains,  rs  harder  to  pin  dovm. ‘An 
mcrease  in  brand  vahK  might  increase  the  Bkelihood  that  new  or  existing 
custorners  wfil  make  purchases.' Wetteinann  says.  The  more  steps  1  have  to 
go  throu^  to  get  to  dokars.  the  more  indirect  the  value  proposition.' 

mm  MlkmtagRiPianifKiaMprrftfyauknowyou 

ing  the  problem  anyway.”  says  Weeks,  who  today  is 
senior  vice  president  and  CIO  at  SquareTwo  Finan¬ 
cial,  a  Denver-based  asset  recovery  and  management 
company  with  annual  revenue  of  about  $227  million. 

Unfortunately,  it's  rate  that  a  new  technology  is 
as  clearly  not  ready  for  prime  time  as  the  leasing 
software  that  Weeks  encountered.  Most  products  and 
services  look  good  —  on  paper.' And  most  come  with 
clear  case  studies  that  show  how  they  will  help  boost 
your  company's  ROI  —  again,  on  paper. 

In  the  teal  world,  those  calculations  can  be  tough 
to  make  (see  "Hype  vs.  Reality,”  at  left).  Neverthe¬ 
less,  IT  executives  must  decide  every  day  whether  to 

data' and  wanting  to  get  m  on  k,  you  may  be  considering  a 
product  because  of  the  category  it  falls  Into,  not  because  of 
ks  actual  capabOdes.  tue've  seen  it  over  and  over  again,  with  knowledge 

says.  ■People  need  to  categorize  something  and  make  generalizations  about 

C  Forget  the  category,  she  advises. 'instead,  ask  yourself:  What  is  the 
specific  business  problem  rm  trying  10  solve,  and  will  this  help  me  do  kr 

IMRgMalkaMaaiTM7'Wecalitthe-MomTest" 

weltemann  says.  To  be  able  to  get  employees  to  use  a  new 
technology  effectively,  they  ha\«  to  be  able  to  understand  k 
and  viihatks  benefits  are.  So  if  you  coukkit  explain  k  to  your 

invest  in  a  great-sounding  new  technology,  or  leave 
it  alone.  Sometimes,  products  that  are  well  designed 
and  work  great  —  and  might  even  create  value  for 
your  company  —  are  still  not  a  good  investment. 

Here  are  four  good  reasons  to  say  “Thanks,  but  no  i 

thanks!”  to  an  enticing  new  offering. 

irs  Too  Early 

“Timing  matters  ”  says  Rob  Meilen,  vice  president 
and  CIO  at  Hunter  Douglas  North  America.  The  Peari 

River,  N.Y.-based  company,  which  makes  window 
treatments,  is  part  of  ie  Hunter  Dou^as  Group,  bead- 
quartered  in  the  Netherlands,  with  annual  revenue  d 

mom  and  have  her  make  sense  of  it  you  shouldn't  be  spending  money  on  it' 

more  than  $2.4  billion  and  more  than  17,000  employ¬ 
ees  worldwide.  “You  look  at  a  product  and  say,  ‘Good 
idea,  but  not  now,’ "  Meilen  says.  Though  he  does  point 
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Before  working  at  Hunter  Douglas,  Meilen  was 

Id  Tell  the  Difference 


so  travel  to  the  UK.  was  required  several  ( 
The  original  decision  to  forgo  the  leasi 
“was  one  of  those  cases  where  you  say, 
the  right  decision!’  Although  I  wound  up 


vho  today! 


ility,”  at  left).  Neverthi 
cide  every  day  whethe 
new  technology,  or  lea 
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and  CIO  at  Hunter  Douglas  North  Arnerica.  The  I 
River,  N.Y.djased  company,  which  makes  window 
treatments,  is  part  of  the  Hunter  Douglas  Group,  I 
quartered  in  the  Netherlands,  with  atmual  revenu 
more  than  $2.4  hillion  and  more  than  17,000  emp 
ees  worldwide.  “You  kx*  at  a  product  and  say, ‘Go 


Saying  no  will  often  leave  a  CIO  wondering  what 
might  have  been.  But  in  the  case  of  the  leasing  soft¬ 
ware,  Weeks  got  a  definite  answer.  Some  time  after 
taking  a  pass  on  the  system,  he  took  a  job  at  a  differ¬ 
ent  company  —  one  that  had  already  implemented 
that  software.  Sure  enough,  “the  vendor  had  oversold 
and  underdelivered,”  he  says.  “It  was  supposed  to 
work  in  all  of  Europe,  but  they  had  only  completed 
the  program  for  one  country,  and  even  with  that  one 
we  neeM  manual  workarounds.” 

Weeks  spent  the  next  five  years  working  with  the 
vendor  as  it  gradually  developed  its  product  to  the  point 
that  it  offered  the  functionality  originally  promised. 
“Fortunately,  the  CEO  had  mandated  that  this  be  a 
fixed-bid  CMitract,”  he  recalls.  “The  contract  said  what 
the  software  was  supposed  to  do,  and  we  would  have 
an  aimual  conversation  about  how  it  wasn't  quite  there 
yet”  Manual  workarounds  were  put  in  place  initially, 
and  a  triage  approach  was  established  with  the  vendor, 
so  that  the  problems  that  were  the  biggest  productivity 
drains  would  be  fixed  first.  The  other  costs  were  people 
and  travel  The  business  unit  was  headquartered  near 


No  matter  how 
evolves, 

ril  be  ready.  |  • 


KAPLAN  UNIVERSITY  t  SCHOOL  OF  INFORMATION  TECHNOLOGY 
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opportunities.  Strengthen  your  ability  to  lead  projects,  acquire  the  soft  skills  to  inspire 
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chose  not  to  adopt  an  early 
version  of  Google  Wallet. 
The  technology  had  some 
promise,  but  it  wasn't  well 
thou^t  through,”  he  says. 
“It  would  have  worked 
well  on  the  consumer’s 
phone,  but  Google  was 
unprepared  for  how  it  was 


my  enterprise  systems.” 

In  addition,  he  noted,  most  smartphones  at  the  time 
didn’t  contain  the  Near  Field  Communicatioa,  or  NFC, 
chips  required  for  Google  Wallet  to  work.  “I  look  back 
at  that,  and  it  was  the  right  use  of  our  resources  at  the 
time,”  he  says.  That’s  not  to  say  that  same  piece  of  tech¬ 
nology  wouldn’t  be  a  good  fit  somewhere  down  the  road, 
as  NFC  chips  in  phones  become  mote  common.” 

In  general,  CIOs  agree,  it’s  probably  best  not  to  be  a 
truly  early  adopter.  “A  kx  of  organizations  I  work  with 
don't  want  to  be  on  the  bleeding  edge,”  says  Rachri  Dines, 
an  analyst  at  Forrester  Research.  "Before  there  ate  a  lot  of 
positive-use  cases  to  review,  there’s  no  good  scientific  way 
to  sort  out  the  hype  from  the  reality.  So  while  there’s  a  lot 
of  benefit  in  that  approach,  there’s  a  huge  risk,  toa” 


lyentahtaf  that 
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Kevin  Rrtberts,  CIO  at  Abilene  Christian  University 
in  Texas,  which  has  about  4,700  students,  knows  about 
early  adoption  risks  firsthand.  “We  made  a  big  run  at 
document  imaging,”  he  says.  This  was  a  long  time  ago, 
in  the  late  tggos.  We  had  the  whole  paperless  office  men¬ 
tality.  We  thoi^ht, ‘We’ll  scan  everything  and  sit  at  out 
computers  and  pull  up  whatever  we  need’ "The  problem, 

would  make  them  easy  to  find  “We  spettt  a  lot  of  money 
on  this,  and  we  had  to  walk  away  —  we  couldn't  make 
it  wotk,”  RobetU  says.  Today,  be  adds,  the  university  has 

so  some  of  that  dream  of  a  paperless  office  is  now  coming 
true.  But  “t3  years  ago,  it  wasn’t  the  r^  time,”  he  says. 

The  Vfendor  Is  Unproven 

Many  of  today’s  most  innovative  new  products  are 
created  by  small,  entrepreneurial  companies.  That’s  great 
news  for  the  American  spirit  of  innovation,  but  working 


with  startups  can  make  an  enterprise  CIO  nervous.  “In 
one  case,  we  were  going  to  be  funding  ioO%  of  a  com¬ 
pany's  payroll,”  Weeks  recalls.  “We  had  to  wonder,  'Will 
they  have  other  companies  that  use  it,  or  ate  they  going 
to  go  out  of  business  as  soon  as  we  stop  writing  checks?’” 

If  that  happened,  the  company  might  have  been  left 
with  a  great  product,  but  no  support  or  continued  de¬ 
velopment.  “Thete  are  ways  around  that.  For  insUnce, 
we  could  have  said  that  as  part  of  our  agreement  we 
couM  take  over  the  source  code  if  that  happened," 
Weeks  says.  "But  having  developers  work  on  someone 
else’s  code  is  very  painful.” 

Wedts  and  his  team  decided  to  pass  on  the  new 
product,  and  when  they  did,  he  recalls,  “I  remember 
the  [vendor’s]  CEO  saying,  Tm  going  to  call  you  once  a 
week  until  you  buy  our  product,’ He  only  called  for  about 
three  weeks.”  Sure  enou^,  about  a  year  and  a  half  later, 
the  vendor  went  out  <rf  business.  “It  was  a  company  that 
wasnl  solid  from  a  financial  perspective,  even  though 
they  had  a  great  product,”  Weeks  says. 

And  even  if  the  vendor  ofering  a  new  product  is  on 
solid  footing,  switching  away  from  a  vendor  you  have 
a  long-term  relationship  with  can  be  risky.  “You  have 
to  look  at  your  partnerships,”  Weeks  says.  “Bringing  in 
a  new  vendor  v^  have  a  benefit  in  the  short  term.  If 
you’re  looking  at  other  products,  your  long-established 
vendors  will  be  on  their  toes  —  they  won’t  want  you 
going  to  that  product.  But  if  you  do  it,  will  they  be 
upset?  If  you  were  a  high-profile  client  for  them,  you 
mi^t  not  be  as  high-profile  anyttmre.  You  mi^t  get 
less  attention,  less  fo^  and  less  expenise.  I’m  not 
suggesting  you  should  base  your  de^on  solely  on  that, 
but  it’s  something  to  consider.” 

We're  Not  Ready 

Sometimes,  both  a  product  and  its  vendor  have  proven 
track  records.  It  might  be  dear  that  this  would  be  a  solid 
investment  —  but  your  (xganization  mi^  be  unpre¬ 
pared  to  take  advantage  of  0.  Recently,  Jason  Coten,  CIO 
at  New  York-based  Diversified  Agency  Services  (DAS), 
considered  a  move  to  the  public  cloud.  But  he  eventually 
decided  that  DAS  —  a  holding  company  for  more  than 
tgo  of  the  world’s  largest  advertising  agencies  and  com¬ 
munications  firms  —  wasn’t  ready. 

“Our  companies  all  have  different  IT  fixrtprints  and 
different  processes  and  procedures,  so  we  determined 
there  was  a  significant  ride  in  moving  to  the  public 
cloud,”  Cohen  notes.  “We  realized  we  aren’t  mature 
enou^  for  the  move,  whether  few  storage  or  email. 
Instead,  our  determirration  was,  'Let’s  build  the  best 
technology  we  know  how  and  aggregate  our  IT  ap¬ 
proach.  And  then  we  may  be  ready  later  oa’ ” 

Before  adopting  a  new  technology,  Meilen  says,  it’s 

can  take  on  all  the  tasks  that  an  implementation  would 
requite.  “If  it’s  a  anall  or  young  [vendw],  do  I  have  the 
skilk  in  ttry  organization  to  engage  with  them?”  be 
says.  “There  are  capabilities  a  large,  well-established 
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ipport  mai^rames!' ”  new  techmJogy.’niat’s  part  of  our  responsibility  withii 

“Someone  early  in  my  the  enterprise.  There  aren’t  a  lot  of  functions  that  own 

'  said  to  me  that  part  responsibility  for  taking  risks,  but  IT  and  the  CIO  do." 


BUSINESS  INTELLIGENCE 


TTie  Science  of 
Customer  Loyalty 

[Guesswork  no  longer  cuts  it  for  companies  trying  to  secure  customer 
loyalty.  Read  how  three  businesses  use  anafytics  software  to  understand, 
respond  to  and  even  predict  buyer  behavior.  BY  MARY  brandel 


I 


M  TOOAY*S  INTENSELY  COMPETITIVE  and  East-changing 
mari(et{Jace,  companies  can  no  longer  rely  on  gut  instinct, 
guessw^  or  “bu^ness  as  usual  ”  Across  all  industries, 
businesses  are  turning  to  data  analytics  to  quickly  and  ac- 
cuiately  le^xind  to  and  even  predict  buyer  behavior  in  their 
quest  grow  revenue  while  securing  custcxner  loyalty. 

Hie  desire  to  engage  with  customers  more  effectively 
is  fueled  in  part  by  what  many  see  as  a  shift  in  power 
from  sellers  to  buyers,  thanks  to  social  media  and  the 


r^  of  mobile  computing.  In  IBM’s  most  recent  Global  CEO 
Study,  in  fact,  more  than  70%  of  CEOs  said  they  were  seeking  a 
better  understanding  of  individual  customer  needs  and  improved 
responsiveness  to  those  desires.  And  according  to  IDC  research, 
the  global  maricet  for  business  analytics  software  grew  14%  in 
2011,  compared  with  11.6%  the  year  before,  and  is  slated  for  9.8% 
compound  annual  growth  between  now  and  2016. 

Here  is  a  look  at  two  companies  that  are  striving  to  culture  the 
loyalty  of  their  customers  through  the  use  of  analytics. 
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T-Mobile:  Combatting  Customer  Chum 

For  wireless  providers,  customer  chum  can  be  a  killer.  According 
to  research  from  Strategy  Analytics,  at  the  end  of  aorr,  the  per¬ 
centage  of  mobile  customers  who  switch  service  providers  every 
year  reached  44%,  its  highest  level  ever. 

T-Mobile  is  one  carrier  that  has  been  feeling  that  pain. 
Dwarfed  by  AT&T  and  Verizon  Wireless  in  market  share,  the 
company  was  losing  one  customer  for  every  customer  it  gained 
in  early  2012.  according  to  a  statement  by  former  CEO  Philipp 
Humm  earlier  this  year.  To  offset  that  trend,  T-Mobile  is  digging 
into  its  customer  data  to  better  understand  buyer  behavior  and 


"Customers  have  so  many  dynamic  r^ons  right  now,"  says 
Alison  Bessho,  director  of  IT  enterprise  systems  at  T-Mobile. 
“They  can  easily  get  intrigued  by  something  new  with  a  different 
company,  so  in  order  to  keep  them  happy,  we’re  always  looking 
for  creative  ways  to  give  them  something  new  and  different.” 

To  that  end,  T-Mobile  uses  a  Teradau 
database  and  analysis  tools  from  SAS  to 
collect  and  analyze  customer  data,  includ¬ 
ing  current  plan  rates,  the  number  of  family 
plans  versus  individual  plans,  credit  ratings, 
network  usage  metrics  and  sutistics  com¬ 
paring  the  amount  of  talking  time  and  the 
amount  of  texting  time.  It  then  segments  the 
customer  base,  builds  focused  campaigns  for 
different  customer  profiles  and  presents  of¬ 
ferings  via  its  various  sales  channels,  includ¬ 
ing  stores,  call  centers  and  websites. 

The  marketing  team  then  analyzes  how  cus¬ 
tomers  respond  to  these  campa^ns  to  project 


physical  stores.  “When  the  customer  b  on  the  phone  or  walks  in  the 
store,  we  get  more  fresh  data  about  them  to  help  reps  select  the  best 
offer  at  that  specific  time,"  Bessho  says.  “We  can  take  advantage 
of  hbtorical  data,  as  well  as  dynamic  dau,  to  create  personalized, 
focused  ofes  based  on  customer  trends  and  behaviots." 

T-Mobile  also  uses  toob  from  Business  Objects  to  produce 
dashboards  and  detailed  operational  reports  for  marketing 
leaders.  It  will  soon  launch  a  mobile  business-intelligence  capa¬ 
bility  so  marketing  execs  can  view  the  current  performatKe  of 
marketing  campaigtts  on  their  ubiets. 

T-Mobile  still  faces  challenges,  itKiuding  the  need  to  recover 
from  its  failed  buyout  deal  with  AT&T  and  the  June  departure 
of  its  CEO.  But  the  comparty  is  betting  on  customer  insights  to 
bolster  its  future  prospects.  It  plans  to  add  300  mote  customer 
data  attributes  m  the  system  to  deepen  and  broaden  its  analytic 
ill  add  input  from  social  media  as  well.  In  the 
T-Mobile  saw  tSy.ooo  net  customer  addi¬ 
tions,  compared  with  99.000  net  customer 
losses  in  the  first  iprarter  of  2011.  “Our  goal 
b  to  reduce  chum,  enhance  loyalty,  upsell 
and  cross-sell  new  devices  and  rate  pbns, 
and  make  customers  happier,  while  achiev¬ 
ing  better  financial  results,"  Bessho  says. 


first  quarter  of  20 


do  that,  it  feeds  data  into  the  Hana  real-time 
data  analytics  appliance  from  SAP,  which  uses 
in-memory  computing  to  perform  rapid  analyt¬ 
ics  on  large  data  sets.  Thb  allows  stotistics 
modelers  and  business  analysb  to  query  the 
data  and  —  if  they  find  something  unexpected 
—  query  further,  without  irtvolving  IT. 

“You  don’t  have  to  pre-think  what  types  of  analytics  you're 
going  to  do  or  pre-build  the  aggregation  tables  that  you  build 
with  tradition^  B1  solutions,"  Bessho  says.  Plus,  the  dau  can  be 
loaded  more  quickly  into  the  appliance  than  it  can  with  tradi¬ 
tional  analytics  platforms,  and  the  queries  run  55  times  faster 
than  with  a  traditional  daubase.  That  speed  encourages  analysts 
to  exjdore  creatively,  she  says. 

“A  lot  of  the  benefit  b  firiding  the  unknown,”  Bessho  says. 
“They  get  a  surprising  result,  and  they  want  to  drill  down  into 
the  dau  in  ways  they  never  anticipate  So  it's  important  that  the 
tool  b  responsive  and  cuts  throu^  rows  of  dau  quickly." 

Analysts  can  now  determine  the  types  of  campaigns  that  work 
best  fiir  various  customer  groups.  "We  now  know  how  to  go  to  dif¬ 
ferent  customers  with  [different]  ofSsrs,”  Bessho  says.  For  instance, 
one  way  to  segment  customers  b  by  bow  dose  they  ate  to  the  end 
of  their  contracts.  Knowing  thb  —  as  well  as  what  type  of  plans 
theyhave,whattheirctedttscotesate.andwheretheylive  — 
T-Mobile  can,  for  examjde,  send  phone  upgtaile  offers  to  long-term 
customers  and  offers  for  different  rate  plans  to  newer  ones. 

These  offsrs  can  go  out  via  text  message,  email,  the  call  center  or 


never  antidpated. 

So  it’s  important  that 
Retool  is  responsive 
and  cuts  throi^  rows 
ofdataquioify. 


Supervalu:  A  New 
Approach  to  Loyalty 

For  grocers,  the  concept  of  “loyalty”  has  his¬ 
torically  been  tied  to  the  “loyalty  card"  — 
those  ubiquitous  laminated  cards  that  give 
shoppers  autorrutic  discounts.  But  market 
forces  are  drtvitrg  grocers  like  SuperValu 
to  kick  their  customer  loyalty  games  up  a 
notch.  According  to  Wesley  Story,  group 
vice  president  of  consumer  insights  and 
loyalty  at  SuperValu.  competition  b  heating 
up,  especially  as  more  types  of  reuilers  — 
from  big-box  stores  to  dbcounteis  —  add 
grocery  items  to  their  shelves.  About  two 
years  ago,  SuperValu  launched  an  effort  to 
become  mote  customer-centric  by  creating  a  hassle-free  shopping 
environment,  offering  mote  freshly  prepared  fixrds  and  matching 
product  lineups  m  local  tastes. 

Customer  data  gathered  from  loyalty  cards  b  key  to  thb  strat¬ 
egy,  Story  says,  because  it  teveab  buying  trends  and  demographic 
shifts.  “If  you’re  not  careful,  all  of  a  sudden  the  customer  that  was 
your  target  no  longer  lives  around  you,"  he  says. 

According  to  a  study  by  RIS  News  and  IDC  Retail  Insi^b,  lo¬ 
calizing  merchandise  and  personalizing  interactiorts  has  pushed 
business  intelligence  and  analytics  —  in  particular,  in-memory. 

the  priority  list  for  grocers  concert  about  customer  loyalty. 

SuperV^u  has  long  used  a  Teradata  data  warehouse  and 
traditional  BI  took  to  analyze  transaction  and  customer  data.  But 
it  recently  set  up  a  big  daU  analytics  lab  ro  accommodate  faster, 
mote  cornplex,  ad  hoc  queries  against  all  types  of  data,  includ¬ 
ing  unstructured  dau  from  social  media.  The  lab's  toob  include 
TeradaU's  Aster  appliance,  which  collects  rlata  from  operational 
systems  and  pub  it  in  a  nonproduction  daUbase  optimized  for 
analysb;  Hailoop,  an  open-source  analytics  platform  that  uses 
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OBERWEIS  DAIRY: 


Customers 


fered  Identkal  sawigs  oi  SKW  M  ttwoigh  a  yearlong  redu^ 
of  99  cents  per  delivefv.  After  detennining  tha«  the  response  i«K 
forthetwoofTer5werethesatne,thecompanytestedtheirrespec- 
tiw  effects  on  customer  loralty.  The  results  were  dramalk:  Among 
customers  who  responded  to  the  99<xnt  offer,  there  was  a  35% 


more  than  40  ice  cream/dairy  stores,  a  wholesale 
dbtribution  business  and  a  home  delivery  business.  In  2010.  when 
the  company  needed  to  some  changes,  it  invested  in  a  system 

from  SAS  to  make  sure  Its  efforts  would  pay  off. 

So  far.  the  system  has  helped  Oberwels  improve  customer  reten¬ 
tion  in  IB  home  dekvery  business  and  increase  store  profitability 
and  service  times,  according  to  Bruce  Bedford,  vice  president  of 


highest-quality  foods,  listen  to  their  needs  and  respond  quicldy,' he 


outtocustomersthroughdliectmail.door-to-doorvisitsandtheln- 
temcL  Bedford  says  that  many  customers  who  signed  up  for  home 
detvery  in  response  to  direct  mag  campaigns  and  door-to-door 
visBs  canceled  the  service  after  180  days,  but  that  was  not  the  case 
for  those  who  responded  to  Internet  campaigns.  The  internet  was 
the  only  channei  through  which  the  company  (id  not  offer  a  $100 
discount  in  the  form  of  free  deliveries  for  six  rnonths.  The  marketing 


determined,  was  the  menu  board. 'we  never  designed  it  with  the 
intention  of  getting  people  through  the  line  efficiently,’ he  says. 

So  last  fan.  the  marketing  team  came  up  with  four  designs  that  led 

cone  type,  and  featured  images  of  six  popular  sundaes.  The  designs 
also  higMighled  products  with  hi^  profit  mar^  “We  didn’t  want 
to  guide  someone  toward  a  simple  sundae  or  tradWonal  ice  cream 
cone  instead  of  our  waffle  cone,  which  is  an  upsell,’ Bedford  says. 

Using  SAS  modeling,  the  company  tested  the  designs  in  several 
stores.  When  the  best  one  was  rolled  out  Oberweis  saw  an  average 
profit  hoease  of  3%  on  fountain  purchases  and  an  estimated  30% 
improvement  in  service  time  during  peak  hours,  “irs  good  for  the  cus- 


been  able  to  drive  incremental  profitability.' Bedford  says. 

Through  predictive  analytics,  Oberweis  has  also  determined  that 
store  custoniers  who  intend  to  purchase  just  a  bottle  of  mik  are  most 
receptive  to  offers  of  discounted  riuarts  of  ice  cream. ‘Before,  we  had 
no  Idea  that  would  be  beneficial  to  da  but  we  saw  a  dramatic  inctease 
In  ()uarB  of  ice  cream  sold  when  store  staff  was  trained  to  offer  a 
dollar  discount.' Bedford  says. ’The  story  was  lying  there  in  the  data, 
and  by  combing  through  it  with  the  right  tools,  we  couM  draw  it  out’ 
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Cusioma^s 


parallel  processing  to  quickly  analyze  large  data  volumes;  and 
a  visualization  tool  from  Tableau  Software  designed  to  rapidly 
deploy  dashboards  that  mash  up  various  types  of  data,  including 
infbnnation  from  external  sources. 

With  this  setup,  SuperVahi  no  longer  needs  to  kixjw  how  data 
will  be  structured  or  what  questions  it  needs  to  ask.  “If  a  query 
doesn’t  woik,  we  can  just  throw  it  away  because  the  investment  is 
minimal  veisus  weeks  and  months  of  development,"  Story  says. 

The  grocer  is  already  better  able  to  keep  popular  items  in  stock 
by  studying  out-of-stock  dau  from  its  inventory  management 
system,  peak  shopping  times  from  its  transaction  data,  suffing 
levels  from  the  latxir  management  system  and  customer  percep- 
tioDS  from  its  “voice  of  the  customer"  system.  It  has  determined 
that  certain  stores  needed  to  add  a  midday  restocking  shift  to  ac¬ 
commodate  the  rush  of  traffic  between  4  p.m.  and  6  p.m.  “Some 
of  this  is  Retail  101.  But  before,  we  didn’t  know  exactly  what  the 
staffing  levels  needed  to  be  at  what  stores  or  what  the  customer 
perception  levels  were,”  Story  says. 

Analytics  also  enables  SuperVahi  to  engage  with  customers 
through  the  most  e&ctive  medium,  be  it  email,  text  messaging, 
mobile  apps  or  social  media.  Story  says. ’The  old-schord  approach 


was  to  ask  customers  which  channel  they  prefer;  however,  it’s  far 
mote  accurate  to  watch  their  behavior,  he  says.  So,  for  a  highly 
digital  customer,  you  increase  activity  where  they  respond  the 
most  —  maybe  text  and  social  media  —  and  drop  it  in  the  media 
where  they’re  less  active,  like  email  and  snail  mail. 

Predictive  analytics  is  the  next  step.  Story  explains.  The  grocer 
is  experimenting  with  segmenting  customers  and  prerlicting  their 
behavior  by  overlayii^  loyalty<ard  data  with  demographic,  psy¬ 
chographic,  behavioral  and  economic  information  from  external 
provideis.  By  seeing,  for  instance,  the  effects  of  the  recession  on 
shopping  patterns,  SuperValu  can  better  predict  which  customers 
will  switch  to  lower-priced  Hems  during  a  downturn  and  proac¬ 
tively  market  store  brands  to  them. ’The  company  is  also  reachii^ 
out  to  digHally  savvy  consumers  via  mobile  apps  and  social  media. 

“That’s  the  secret  sauce,"  Story  says.  “Bringing  it  all  together 
to  understand  what  the  redemptions  are,  how  we  offered  them, 
through  which  vehicle,  where  they  [were]  redeemed,  which 
Ichannek]  customers  are  most  active  in  —  and  their  social  media 
influence  if  they  are  a  highly  connected  consumer."  • 

her  at  maryhrandel@venzon.net. 
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Interns  aren’t  just  for  grunt  work 
anymore.  Wnenproperfy 
managed,  they  can  bring 
new  insight  to  IT  problems  and 
processes,  by  tam  harbert 


i  iWHATYOUR 

Interns 

CANteacriYou 


Calif,  is  decidedly  not  in  that  camp.  He  spent  last 
summer  helping  a  team  at  the  jet  Piopuh^  Labora¬ 
tory  (JPL)  in  Pasadena,  Calif,  develop  software  that 
NASA  will  soon  use  to  store  data  in  the  public  doud. 
And  Kern's  name  is  on  the  patent  application. 

“My  internship  was  hands-on  —  creating  stuff 
and  helping  JPL  achieve  its  goals,"  says  Kem,  who 
graduated  from  high  school  in  May  and  will  start  his 
undergraduate  studies  at  the  University  of  Califor¬ 
nia,  Berkeley,  this  fall.  “Most  of  my  friends  were 
just  thrown  into  internships,  usually  just  following 
someone  around  and  doing  lots  of  busywork." 

As  Kern's  experience  implies,  employers  that  give 


more  in  return.  Interns  can  bring  valuable  insights 
and  new  skills  to  their  employers. 

“They  bring  in  a  fresh  perspective,  arid  they  are 
far  more  current  on  new  technologies,  such  as  social 
networking,”  says  Suzanne  Fairlie,  president  of 
ProSearch,  an  executive  search  firm  that  focuses  on 
IT  and  finance.  “It's  part  of  their  DNA.” 

But  in  order  for  organizations  to  reap  those  gains, 
Fairlie  stresses  that  internships  require  planning. 


nally  in  the  company  is  identified  to  take  that 
n  or  group  of  interns  under  their  wing,"  she  says, 
ither  than  just  using  interns  as  cheap  (or  free) 


strategically  if  they  want  U 
them. They  should  plan  an 


importantly  —  give  interns  room  to  run. 
le  key  to  all  of  this  is  to  give  the  students  some- 
meaningful  to  do,  something  that  actually  gets 
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talented  hiU-time  employees. 

Here’s  a  look  at  how  JPL  and  some  other  employers 
have  turned  their  interns  into  assets. 


JET  PROPULSION  UB 

■  Lesson  learned:  Chollen^  interns,  but  keep 
reipiirements  loose  enough  to  encourage  innovation. 

■  Value  gained:  Patent  applied /or;  intem-developed 
softvKm  in  process  of  being  deployed. 

IPL  is  a  poster  child  for  great  internships.  That's 
probably  not  surprising,  as  education  is  one  of  the 
missions  of  this  fisletally  funded  research  lab  that’s 
managed  by  the  California  Institute  of  Technology, 

It  has  30  programs  and  brings  in  some  500  students 
(from  both  college  and  high  school)  during  a  typical 
summer,  according  to  Paula  Caterina,  group  supervi- 


to  run,  says  Shams.  "Very  often,  students  surprise  us 
and  come  up  with  a  better  solution  than  what  we  had 
originally  thought,"  he  says.  In  the  case  of  the  cloud 
software  that  Kern  worked  on,  the  idea  was  so  good 
that  JPL  has  applied  for  a  patent  and  is  in  the  process 
of  integrating  the  software  into  a  clouddMsed  data 
backup  pipeline  for  future  NASA  missions. 


EXECUTIVE  OFFICE  OF  THE  PRESIDENT 

■  Lesson  learned:  The  best  results  come  from  projects 
with  contained  scope. 

■  Value  gained;  Improved  efficiency  and  effntiveness 
of  everyday  office  tasks  that  formerly  frustrated 
rank-and-file  employees. 

On  the  other  side  of  the  country,  interns  are  making 

a  difference  in  the  halls  of  government,  including 


“I  created  a  macro  that  turned  this  into  a  single  work- 
flow”  says  Gobaud.  “Click  a  button,  select  the  new 
data  file  and  click  OK.” 

Gobaud  talked  with  his  supervisor  and  then 
prc^iosed  to  Colangelo  the  idea  of  creating  a  team 
of  IT  interns  who  could  identify  more  areas  where 
such  small-scale  automation  could  improve  efficiency 
throughout  the  White  House.  Colangelo  liked  the 
idea.  He  named  it  the  Software  Automation  and 
Technology  (SWAT)  team  and  asked  Gobaud  to  help 
manage  it.  They  selected  four  interns  for  the  first 
session,  which  was  last  summer. 

The  SWAT  team  worked  with  CcJan- 
gelo’s  enterprise  business  solutions  staff, 
which  focuses  on  application  develop¬ 
ment  atKl  solving  business  problems. 

The  interaction  with  real  business 
users  was  a  valuable  experience  for 
the  interns.  "We  would  watch  people 
perform  various  tasks  and  listen  to  what 
frustrated  them,  what  was  consuming 
their  time,”  says  Gobaud. 

Users  may  have  one  solution  in  mind 
while  being  unaware  of  other  technolo¬ 
gies  or  techniques  that  can  help,  says 
Colangelo.  For  example,  they  may  not 
know  that  macro  templates  can  make  publishing 
memos  quicker  and  easier.  “Our  job  as  technologists 
sometimes  is  to  say  to  people,  T  bear  what  you  are 
asking  for,  but  have  yr>u  thought  about  X,  Y  or  Z  to 
solve  the  problem  instead?'  ” 

The  team  first  gained  an  understanding  of  the  cus¬ 
tomers’  objectives  and  needs,  says  Gobaud,  and  then 
proposed  a  way  to  improve  the  process  and,  with 
customer  approval,  started  developing.  “We  used  an 
agile  development  process  and  worked  to  get  a  beta 
version  to  the  customer  ASAP,”  he  says.  “We  would 
then  iterate  and  continue  rlevelopment  while  getting 
feedback  from  the  users.” 

The  program  has  been  expanded  to  seven  interns 
this  summer,  arxl  Colangelo  thinks  that  it  just  might 
inspire  some  IT  students  to  go  into  government. 

Already,  it  has  reinforced  Gobaud’s  goals.  “1  saw 
the  amazing  ability  that  technology  has  to  revolution¬ 
ize  internal  government  operations  and  create  a  lean, 
effective  federal  grwemment,”  he  says.  “Working  at 
the  White  House  cemented  my  career 
goal  of  becoming  a  government  technol¬ 
ogy  leader.” 


WE  ENERGIES 

■  Lesson  learned:  Put  some  teeth  in 
your  internship  program  by  osfeirig 
monikers  to  justi^  student  positions, 
not  merely /ill  them. 

■  Value  gained:  New  hires  aheocfy 
steeped  in  company  culture  and 


In  years  past.  We  Energies,  a  utility  ctsnpany  that 
provkfes  electrirdty  to  parts  of  Wisconsin  and  Michi¬ 
gan,  hadn’t  put  much  effort  into  its  summer  opportu¬ 
nities  for  students,  typically  starting  the  process  too 
late  to  recruit  the  b«t  candidates. 

Recognizing  that  both  the  company  and  the  stu¬ 
dents  cmild  be  getting  more  out  of  the  partnerships, 
amped  its  program  a  couple  of  years 


workers,  according  to  John  Brewer, 
service  desk  manager  at  the  company.  "We  wanted  to 
turn  [internships]  into  a  program  rather  than  just  a 
summer  hiring  exercise,"  he  says. 

The  company  now  has  a  formal  IT 
internship  program  that  runs  for  two 
sutruners,  with  three  to  four  students 
joining  the  program  each  year.  Mean¬ 
while.  it  continues  to  hire  other  students 
to  work  in  less  specialized  summer  jobs. 
The  new  program  gives  interns  an  oppor¬ 
tunity  to  shine  and  gives  the  company  an 
opportunity  to  hire  top  performers. 

One  change  involved  asking  IT  man¬ 
hiring  interns.  Rather  than  just  hearing 
that  the  managers  hope  to  bring  in 
students,  “we  want  to  hear  what  th^  plan  to  do  with 
them,”  Brewer  says.  “We  want  to  make  sure  that  it  isn’t 
just  grunt  wtxk.”  This  approach  not  only  makes  better 
use  ^  interns,  but  also  ensures  that  they  are  matched 
with  projects  that  suit  their  skills  and  aptitudes. 

The  company  also  extended  the  program  over  two 
summers,  giving  interns  more  opportunity  to  work 
in  distent  parts  of  IT  and  also  giving  the  company  a 
longer  window  for  evaluating  their  potential. 

“Since  December  of  2011,  five  interns  have 
graduated  from  school;  all  five  have  been  offered 
permanent  positions,  and  all  five  have  accepted  those 
positions  within  our  IT  department.”  says  Brewer. 

One  such  intern  was  Scott  Sullivan,  now  24  and  an 
associate  IT  application  consultant  for  We  Energies. 

“Through  my  internship,  I  was  able  to  apply  my  ap¬ 
preciation  and  passion  for  IT  to  initiatives  that  support 
critical  processes  and  functions,”  recalls  Sullivan,  who 
spent  one  year  in  the  old  surruner  worker  program  and 
one  semester  as  a  new  IT  intern.  “I  was  given  the  op¬ 
portunity  to  join  the  application  support 
team  and  participate  in  an  ongoing 


“They  haven’t  seen  any  limits  yet." 
says  JPL’s  Soderstrom.  “What  we  have 
to  do  as  managers  is  to  harness  and 
support  that  energy,  and  of  course, 
when  they  break  a  few  eggs,  help  them 
clean  it  up."  ♦ 

Harbcrt  is  a  Whshiiigton.  D.C-based 
writer  specializing  in  technology, 
business  and  public  policy  and  a  frequent 
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mem  in  security-  incident  and  event 
agement.  SIEM  has  been  agreat  invt 
ment  thus  far.  helping  us  thwart  atta 
and  identify  other  malicious  activity 

the  loss  of  sensitive  data, 
unauthorized  access  or  a 
denial-of-service  attack  on 

to  a  bt  of  things  that 
justify  further  invest- 

and  add  Lute  network'^nso 
offices.  The  return  on  those 
will  be  that  more  data  svill  be  correlated 
with  additional  log  and  netflow  feeds 

Next.  I  want  to  upgrade  the  security 
assessment  tools  that  automatically  scan 
our  DMZ  infrastructure  on  a  weekly 
basis,  as  well  as  satisfy  our  regular  audit 
and  assessment  schedule  of  internal 
apps  and  infrastructure.  Our  current 
tools,  though  fairly  effective,  lack  some 


of  the  rich  functionality  that  Qualys. 
nCircle  and  Rapid  7  offer.  Any  of  those 
would  give  us  a  more  robust,  centralized 
management  console,  integration 
with  other  tools  and  better  reporting 
options.  The  productivity  gains  that 
these  products  would  make  possible 
are  a  selling  point;  the  trxil  we  end  up 
choosing  should  pay  for  itself  in  short 
order  just  in  the  area  of  collecting 
security  compliance  data  each  quarter. 

leak  prevention  (DLP). 
When  we  implemented 
DLP  earlier  this  year, 
our  budget  didn't 
allow  for  any  decryp- 

main  feature  of  DLP  is  that  it  can  detect 
documents  being  sent  via  Web-based 
apps  such  as  webmail  and  personal 
storage  sites,  but  we  need  to  decrypt 
the  SSL  traffic  before  our  DLP  tool  can 
inspect  the  data.  In  addition,  we  recently 
migrated  our  Exchange  deployment 
to  Microsoft’s  Office  365  cloud  offer- 

encrypted.  All  of  that  means  we  need  to 
buy  proxy  appliances  and  then  send  all 
our  Web  traffic  to  them  for  decrypting 
ahead  of  going  to  the  DLP  engine  for  in¬ 


spection.  We'll  be  looking  at  either  Cisco 
or  Bluecoat  to  satisfy  this  need. 

Another  area  that  we  need  to  address 
is  protectbn  against  advanced  persistent 
and  zero-day  threats.  We’re  on  schedule 
with  a  proof-of-concepi  of  FireEye,  as  we 
seek  to  understand  the  value  of  this  type 
of  investment.  If  the  pilot  is  successful, 
our  plan  is  to  buy  a  few  appliances  for 
our  larger  offices,  but  complete  enter¬ 
prise  coverage  would  require  an  appli¬ 
ance  at  each  of  our  more  than  40  remote 
offices.  If  FireEye  doesn’t  fit  the  bill,  we’ll 
look  at  other  technologies,  including 

our  Palo  Alto  Network  Firewalls. 

Each  quarter,  I  spend  about  $30,000 
for  outside  firms  to  conduct  penetra¬ 
tion  testing  and  give  us  an  independent 
viewpoint.  One  recent  penetration  test  of 
our  IP  telephony  infrastructure  identi¬ 
fied  several  critical  configuration  issues. 

I  would  like  to  double  that  budget  line  in 
ZO13,  mostly  because  we  ate  expanding 
our  use  of  cloud  technologies  and  will 

As  for  staff.  I’ll  have  a  harder  time.  I'm 
fortunate  in  being  allowed  to  fill  an  open 
position  for  a  security  analyst,  but  I  could 
always  use  more  people.  The  good  news 
there  is  that  my  company  just  announced 

for  the  summer.  I'll  be  asking  for  two. 

All  in  all,  I  know  I'm  pretty  lucky.  Not 
every  security  manager  can  ask  for  so 
much  and  have  a  reasonable  expectation 
of  getting  it.  Still,  our  security  spending 
remains  small,  both  as  a  percentage  of 
the  overall  IT  budget  and  in  terms  of 
security  spending  per  employee.  • 

This  week's  journal  is  written  bya  real 
security  manager.  “Mathias  Thurman,” 


I  know  I’m  pretty  lucky.  Not  every  security 
manager  can  ask  for  so  much  and  hope  to  get  it. 


whose  name  and  employer  hove  been 
disguised /or  obvious  reasons.  Contact  him 
at  mathias_thurman@);ahoo.com. 
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I  r  manage-  has  a  long  wish  list  as  the  ai 
time  rolls  around  once  aga  .i 


rs  tUDSET  TIME  A6AIN,  which  is 
I  a  good  chance  to  assess  our  infor- 
I  matioo  security  defenses  and  decide 
I  which  areas  we  can  best  afford 
to  beef  up.  Here’s  a  look  at  what  I 
think  we'U  be  abk  to  add  this  year. 

First.  I  want  to  increase  our  invest- 

agement.  SIEM  has  been  a  great  invest¬ 
ment  thus  fer,  belong  us  thwart  attacks 
and  identify  other  malicious  activity  that 
could  have  resulted  in 
the  loss  of  sensitive  data. 


our  network.  I  can  point 
to  a  lot  of  things  that 
justify  further  invest¬ 
ment.  My  plan  is  to  erpand  our  license 
and  add  more  network  sensors  to  remote 
offices.  The  return  on  those  investments 
will  be  that  mote  data  will  be  correlated 
with  additional  log  and  netilow  feeds 
from  network  and  server  resources. 

Next,  I  want  to  upgrarle  the  security 
assessment  tools  that  automatically  scan 
our  DMZ  infeastructure  on  a  weekly 
basis,  as  well  as  satisfy  our  regular  audit 
and  assessment  schedule  of  internal 
apps  and  infrastructure.  Our  current 
to^  though  feirly  effective,  lack  some 


of  the  rich  functionality  that  Qualys, 
nCitde  arrd  Rapid  7  ofer.  Any  of  those 
would  give  us  a  more  robust,  centralized 
management  console,  integration 
with  other  tools  and  better  reporting 
options.  The  productivity  gains  that 
ttese  products  would  make  possible 
ate  a  selling  point;  the  tool  we  end  up 
choosing  should  pay  Cm  itself  in  short 
order  just  in  the  area  collecting 
security  compliance  data  each  quarter. 

Then  there’s  data 
leak  pevention  (DLP). 
When  we  implemented 
DLP  earlier  this  year, 
our  budget  didn’t 
allow  for  any  decryp¬ 
tion  infrastructure.  A 
main  featirre  of  DLP  is  that  it  can  detect 
documents  being  sent  via  Web-based 
apps  such  as  webmail  and  personal 
storage  sites,  but  we  need  to  decrypt 
the  SSL  traffic  before  our  DLP  tool  can 
inspect  the  date.  In  addition,  we  recently 
migrated  our  Exchange  deployment 
to  Microsoft’s  Office  365  cloud  offer¬ 
ing,  so  now  even  our  corporate  email  is 
encrypted.  All  rf  that  means  we  need  to 
buy  proxy  appliances  and  then  send  all 
our  Web  traffic  to  them  for  decrypting 
ahead  of  going  to  the  DLP  engine  for  in- 


I  know  I’m  pretty  lucky.  Not  every  security 
numager  can  ask  for  so  much  and  hope  to  get  it 
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spection.  We’ll  be  looking  at  either  Cisco 
or  Bluecoat  to  satisfy  this  need. 

Another  area  that  we  need  to  address 
is  protection  against  advanced  persistent 
and  zero-day  threats.  We’re  on  schedule 
with  a  proof-of-concept  of  FireEye,  as  we 
seek  to  understand  the  value  of  this  type 
of  investment.  If  the  pilot  is  successful, 
our  plan  is  to  buy  a  few  appliances  for 
our  larger  offices,  but  complete  enter¬ 
prise  coverage  would  requite  an  appli- 
atKe  at  each  erf  our  mote  than  40  remote 
offices.  If  FireEye  doesn’t  fit  the  bill,  we’ll 
lot*  at  other  technologies,  including 
WildFire,  which  is  already  bundled  with 
our  Palo  Aho  Network  Firewalls. 

Each  quarter,  I  spend  about  $30,000 
felt  outsit  firms  to  conduct  penetra¬ 
tion  testing  and  give  us  an  independent 
viewpoint.  One  recent  penetration  test  of 
our  IP  telephony  infrastructure  identi¬ 
fied  several  critical  configuration  issues. 

I  would  like  to  double  that  budget  line  in 
2013,  mostly  because  we  are  expanding 
our  use  of  cloud  technologies  and  will 
need  mote  assessments  to  keep  up. 

As  for  staff.  I’ll  have  a  harder  time.  I’m 
fortunate  in  being  allowed  to  fill  an  open 
position  few  a  security  analyst,  but  I  could 
always  use  mote  people.  The  good  news 
there  is  that  my  company  just  armounced 
a  summer  internship  program.  At 
nominal  cost,  I  can  hire  a  college  intern 
for  the  summer.  I’ll  be  asking  for  two. 

All  in  all,  I  know  I’m  pretty  lucky.  Not 
every  security  manager  can  ask  few  so 
much  and  have  a  reasonable  expectation 
of  getting  it.  Still,  our  security  spending 
remains  small,  both  as  a  percentage  of 
the  overall  IT  budget  and  in  terms  of 
security  spending  per  employee.  ♦ 

This  week’s  journal  is  written  by  a  real 
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the  central  bank  of  an  island  kingdom 
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a  home  shopping  channel  watched  'round  the  world 
a  telecom  dressed  in  pink 
a  financial  institution  with  passion  for  performance 
a  four  letter  group  of  chemical  companies 
an  aircraft  engine  manufacturer  gone  automaker 
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Good  as  the 
Nexus  7  is,  the 


Android  4.1, 
known  as 


HidMb  has  been 
writing  about 
technology  and  the 
business  of  technology 
since  CP/M-80  was 
cutting-edge  and 
300bps  was  a  fast 
tntemet  connection  - 


VAUGHMINICHOlSl 


Can  Android  Tablets 
Finally  Take  On  the  iPad? 


Do  YOU  REMEMBER  APRIL  2010?  That  was  when  the  tablet 
market  sprang  to  life. 

Tablets  had  been  around  for  more  than  a  decade,  but  hardly 
anyone  outside  of  certain  vertical  industries  (utilities,  for  exam¬ 
ple)  had  noticed  them.  When  Apple  released  the  iPad  in  April  2010, 
everything  changed. 


The  iPad  wasn't  destined  bx  some  niche  maiket; 
it  was  an  object  of  desire.  Apple  claimed  that  it  sold 
300,000  iPads  on  the  fiist  day  that  it  was  available. 
No  other  vendor  had  technol^  that  could  come 
close  to  competing  with  iOS  on  the  iPad. 

Many  tried.  There  was  the  now  largely  forgot¬ 
ten  Moblin  operating  system,  RIM’s  PlayBook 
os,  Intel  and  Nokia’s  short-lived  Meego,  Chrome 
OS  and,  of  course.  Android,  most  promisingly 
realized  in  the  Samsung  Galaxy  Tab  io.i.  None  of 
them  was  good  enough  to  seriously  compete  with 
Apple,  in  either  2010  or  2011. 

But  now  it’s  2012,  and  at  long  last,  we  have  a 
ctmtender:  Google's  Nexus  7,  running  Android  4.1. 
Until  now,  the  most  successful  Android  tablets 
were  actually  e-readers,  like  Barnes  &  Noble’s 
Nook  and  Amazcm’s  Kindle  Fire.  The  Nexus  7  is 
something  much  more. 

While  we  don’t  have  hard  numbers  yet, 
the  Nexus  7  has  been  selling  at  the  kind  of  frantic 
rate  not  seen  outside  of  Apple  devices.  Thanks 
to  Android,  the  Nexus  7  has  certain  advantages 
in  software  selection,  customization  possibilities 
and  built-in  apps.  It  also  has  a  significant  advan¬ 
tage  in  price;  ITie  Nexus  7  costs  $200  less  than 


favor  of  either  one.  I  prefer  the  Nexus  7’s  smaller 
size,  but  I  can  certainty  understand  why  someone 
else  would  want  the  larger  iPad,  especially  with  its 
Retina  display  (which,  of  course,  makes  the  price 
difference  even  larger). 

No,  the  teal  game-changer  is  Android  4.1, 
known  as  Jelly  Bean,  which  will  also  power 
Amazon’s  forthcoming  Kindle  Fire,  which  will 
be  much  more  than  a  mere  e-reader,  with  its 
quad-core  processor,  firont-focing  camera,  micro 
USB  port  and  bigger,  better  display.  We  can  also 
expect  to  see  Jelly  Bean  in  a  new  model  trf  the 
Nook,  and  then  the  floodgates  will  open.  I  expect 
to  see  many  good  Android  tablets  with  4.1  under 
the  hood,  in  sizes  ranging  from  the  now  popular 
7  inches  to  an  iPad-matching  10  inches.  And  good 
or  bad,  all  of  them  will  be  priced  below  the  top-of- 


BeyondtheNexus? 

If  tlds  were  just  a  battle  between  the  iPad  and 
the  Nexus  7, 1  wouldn’t  be  writing  this  column.  I 
happen  to  like  both  devices,  and  I  could  argue  in 


As  we  head  toward  the  2012  holiday  season, 

1  expect  iPad  to  finally  have  serious  competi¬ 
tion  from  Android  teblets.  I  suppose  it’s  possible 
that  Microsoft,  with  its  Surfoce  and  Windows  8 
tablets  running  on  x86  processors  and  Windows 
RT  tablets  running  on  ARM  pirxessors,  could 
be  a  contender  as  well,  but  I  don’t  foresee  that. 
Android  and  its  various  hardware  vendors  have 
just  spent  the  past  two  years  showing  how  hard 
it  is  to  compete  with  A^le  in  the  tablet  market; 
Windows  is  too  late  to  t^  game  to  compete  in 
this  round.  It  might  catch  up  later,  but  right  now 
the  story  is  Android.  ♦ 
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Certified 

in  Risk  and  Information  Systems 
Controi 

What  doei  a  certification  in  risk  and  information  systems  con¬ 
trol  cover?  CR'SC  is  for  professionals  who  have  experience  in  devel¬ 
oping  effective  controls  to  manage  IT  risk.  They  are  the  individuals  in 
an  enterprise  who  provide  guidance  to  management  on  the  impact 
of  risk  and  its  effect  on  business  operations  and  the  overall  health 
of  the  enterprise.  They  are  also  responsible  for  communicating  the 
risk  to  others  throughout  the  business  by  establishing  a  common 
language  for  the  enterprise. 

CRISC.  which  IS  based  on  independent  market  research  and  the  input 


deivtand  IT  risk  maiiifnMnt  as  it  andtos  fa  ownl  Iwslnest 

process?  The  focus  of  the  CRISC  certification  is  on  the  IT  risk  profes¬ 
sional  gaining  the  tools  and  knowledge  to  evaluate  the  enterprise  as 
a  whole.  Effective  enterprise  nsk  management  requires  an  integrated 
and  holistic  approach.  The  first  three  domains  that  CRISC  focuses  on  - 
risk  identification,  assessment  and  evaluation;  risk  response;  and  risk 
monitoring  -  provide  the  framework,  from  an  organizational  perspec¬ 
tive.  for  managing  and  mitigating  IT  risk  across  business  processes 
and  technology.  In  addition.  CRISC  gives  risk  professionals  a  common 
language  for  communicating  within  IT  and  with  the  greater  enterprise 
about  risk.  Based  on  the  input  from  the  CRISC  professional,  enterprises 
are  then  able  to  make  effective  risk-based  decisions  and  prioritize  ef¬ 
forts  and  resources  to  those  areas  that  are  most  at  risk. 
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The  chair  of  ISACA’s 
Credentialing  Board 
talks  about  the  organizations  Certified 
inltisk  and  Information  Systems 
Control  certification. 


sc  is  for  professionals  who  have  experience  in  devel¬ 
oping  effeaive  controls  to  manage  IT  risk.  They  are  the  individuals  in 
an  enterprise  who  provide  guidance  to  management  on  the  Impact 

of  risk  and  its  effect  on  business  operations  and  the  overall  health 

of  the  enterprise.  They  are  also  responsible  for  communicating  the 
risk  to  others  throt«hout  the  business  by  establishing  a  common 


CRISC  which  is  based  on  independent  market  research  and  the  input 


tion?  The  CRISC  credential  is  for  those  who  are  experienced  in  both 
risk  and  control.  The  areas  of  the  job  practice  cover  five  domains: 
Risk  identification,  assessment  and  evaluation;  risk  response;  risk 
monitoring;  information  systems  control  design  and  implementation; 
and  IS  control  monitoring  and  maintenance. 

Experience  is  required  to  become  certified.  Individuals  need  veri¬ 
fied  evidence  of  at  least  three  years  of  work  experience  in  three  of 
the  domains  for  risk  management  and  IS  control. 


praaitf  ThefocusoftheCRISCcertificationisonthelTrisk  profes¬ 
sional  gaining  the  tools  and  knowledge  to  evaluate  the  enterprise  as 
a  whole.  Effertive  enterprise  risk  management  requires  an  integrated 
and  holist'ic  approach.  The  first  three  domains  that  CRISC  focuses  on  - 
risk  identification,  assessment  and  evaluation:  risk  response:  and  risk 

monitoring  -  provide  the  framework,  from  an  organiaational  perspec¬ 

tive.  for  managing  and  mitigating  IT  risk  across  business  processes 
and  lechnology.  In  addition,  CRISC  gives  risk  professionals  a  common 

language  for  communicating  within  IT  and  with  the  greater  enterprise 
about  risk.  Based  on  the  input  from  the  CRISC  professional,  enterprises 
are  then  able  to  make  effective  risk-based  decisions  and  prioritize  ef¬ 
forts  and  resources  to  those  areas  that  are  most  at  risk.  ■ 
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It's  a  miscon¬ 
ception  that 
theconsumer- 
izationoflTis 
merely  BYOD. 


Scot  Finale  is 

Computermrld'i 
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You  can  contact 
him  at  sfinnie@ 
coenputerworld.com 
and  follow  him  on 
Twitter  OScotFinnie). 


Have  you  noticed  that  the  term  BYOD  is  on  the  rise  and  has 
become  virtually  synonymous  with  the  much  broader  and 
deeper  term  “consmnerization  of  IT”  (CoIT)? 

It’s  a  common  misconception  that  CoIT  is  merely  the  trend 


toward  employees  using  their  own  smartphones, 
laptops  and  tablets  for  work  tasks  like  accessing 
corporate  email,  contacts,  calendars  and  apps. 

But  while  mobile  hardware  is  the  starting  point  of 
CoIT,  there’s  far  more  to  it. 

Underlying  CoIT  is  a  trend  some  have  called 
“m-business.’’  It’s  a  "woik^style’’  shift  involving 
businesspeople  using  mobile  devices  as  their 
primary  means  of  connecting  to  the  Internet, 

colleagues.  The  new  work-style,  which  mixes  home 
and  work  activities  through  days,  evenings  and 
weekends,  has  profoundly  changed  the  way  people 
work  and  is  begitming  to  afiect  the  expectations 
that  companies  have  of  their  employees.  There  are 
management  and  HR  issues  and  very  teal  concerns 
about  work/life  balance  and  how  that  might  afiect 
the  productivity  and  well-heir^  of  employees.  So 
CoIT  is  not  merely  about  a  different  type  of  hard¬ 
ware;  it’s  about  a  ifierent  way  of  working. 

It’s  also  a  movement  toward  simpler  interfaces, 
inspired  by  social  media,  mol^  apps  and  doud- 
bas^  apps  and  services.  The  rise  of  app  stores 
overflowing  with  free  or  inexpensive  problem¬ 
solving  tools  is  reshaping  user  expectations  about 
what  software  is  and  what  it  does.  Many  IT  depart¬ 
ments  ate  adopting  single-purpose  apps  adapted 
to  enterprise  use.  The  look  and  feel  of  social  media 
software,  as  well  as  its  people-powered  nature,  has 
a  huge  influence  on  consumerization  —  and  it  has 
nothing  to  do  with  businesspet^le  bringing  their 
personal  devices  into  the  office. 

Public  clouds  aimed  at  end  users  are  another 
important  aspect  of  CoIT.  The  syncing  of  email, 
calendars  and  user  data  across  multiple  devices  is 


perhaps  the  best  example  of  consumer-oriented 
cloud  services  used  for  business  purposes. 

Of  course,  CoIT  raises  security  concerns. 

Most  smartphones  and  tablets  aren’t  built  with 
enterprise-class  security  —  though  that  is  start¬ 
ing  to  change.  But  it’s  not  just  afaoirt  hardware 
security  features;  when  you  welcome  all  manner 
of  devices,  the  potential  for  security  snafus  nrulti- 
pUes.  It’s  also  easy  to  lose  a  mobile  device  or  have 
it  stolen.  All  of  these  factors  threaten  corporate 
data.  PubUc  clouds  and  Web-based  apps  also 
create  security  risks. 

The  vaguely  derogatory  term  BYOD  probably 
started  off  as  some  IT  person’s  joke,  a  takeoff  on  a 
similar  acronym  that  rhymes  with  it.  “Bring  your 
own  device"  takes  the  end  user’s  point  of  view,  not 
IT’s.  But  it  defines  a  very  narrow  aspect  of  CoIT  — 
and  misses  some  of  its  most  important  aspects. 

-  And  CoIT  is  very  important.  That’s  why  Com- 
puterworld  has  been  working  hard  to  stay  abreast 
of  this  fast-growing  trend.  We  recently  updated 
and  augmented  the  topic  centers  on  our  website, 
adding,  among  others,  new  topic  pages  that  track 
all  the  stories  we  publish  about  CoIT  and  BYOD. 
Computerworld’s  parent  company,  IDG  Enterprise, 
(with  some  help  from  yours  trrrly)  just  launched 
a  new  online  publication  called  CfTEivorld.com. 
“CITE”  stands  for  “consumerization  of  IT  in  the 
Enterprise.”  CITEworld  txrvers  CoIT  from  the  IT 
perspective.  IDG  Enterprise  also  launched  the 
companion  CITE  Conference  and  Expo  in  March. 
Coming  in  October,  the  one-day  CITE  Forum  will 
be  held  in  New  York. 

It’s  all  part  of  our  commitment  to  keeping  up 
with  the  things  that  really  matter  to  IT  today.  * 
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